Book Image

Linux for Networking Professionals

By : Rob VandenBrink
1 (1)
Book Image

Linux for Networking Professionals

1 (1)
By: Rob VandenBrink

Overview of this book

As Linux continues to gain prominence, there has been a rise in network services being deployed on Linux for cost and flexibility reasons. If you are a networking professional or an infrastructure engineer involved with networks, extensive knowledge of Linux networking is a must. This book will guide you in building a strong foundation of Linux networking concepts. The book begins by covering various major distributions, how to pick the right distro, and basic Linux network configurations. You'll then move on to Linux network diagnostics, setting up a Linux firewall, and using Linux as a host for network services. You'll discover a wide range of network services, why they're important, and how to configure them in an enterprise environment. Finally, as you work with the example builds in this Linux book, you'll learn to configure various services to defend against common attacks. As you advance to the final chapters, you’ll be well on your way towards building the underpinnings for an all-Linux datacenter. By the end of this book, you'll be able to not only configure common Linux network services confidently, but also use tried-and-tested methodologies for future Linux installations.

Related Content you might be interested in

Current Title:

Small book image
Linux for Networking Professionals
Rob VandenBrink
Nov, 2021 | 528 pages
Small book image
Linux Administration Cookbook
Adam K Dean
Dec, 2018 | 826 pages
Small book image
CompTIA Linux+ Certification Guide
Philip Inshanally
Sep, 2018 | 590 pages
Small book image
Linux for System Administrators
Viorel Rudareanu | Daniil Baturin
Sep, 2023 | 294 pages
Table of Contents (20 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Download the example code files
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Linux Basics
Section 1: Linux Basics
Free Chapter
2
Chapter 1: Welcome to the Linux Family
Chapter 1: Welcome to the Linux Family
Why Linux is a good fit for a networking team
Mainstream data center Linux
Specialty Linux distributions
Virtualization
Picking a Linux distribution for your organization
Summary
Further reading
3
Chapter 2: Basic Linux Network Configuration and Operations – Working with Local Interfaces
Chapter 2: Basic Linux Network Configuration and Operations – Working with Local Interfaces
Technical requirements
Working with your network settings – two sets of commands
Displaying interface IP information
IPv4 addresses and subnet masks
Assigning an IP address to an interface
Summary
Questions
Further reading
4
Section 2: Linux as a Network Node and Troubleshooting Platform
Section 2: Linux as a Network Node and Troubleshooting Platform
5
Chapter 3: Using Linux and Linux Tools for Network Diagnostics
Chapter 3: Using Linux and Linux Tools for Network Diagnostics
Technical requirements
Network basics – the OSI model
Layer 2 – relating IP and MAC addresses using ARP
Layer 4 – how TCP and UDP ports work
Local port enumeration – what am I connected to? What am I listening for?
Remote port enumeration using native tools
Remote port and service enumeration – nmap
Wireless diagnostic operations
Summary
Questions
Further reading
6
Chapter 4: The Linux Firewall
Chapter 4: The Linux Firewall
Technical requirements
Configuring iptables
Configuring nftables
Summary
Questions
Further reading
7
Chapter 5: Linux Security Standards with Real-Life Examples
Chapter 5: Linux Security Standards with Real-Life Examples
Technical requirements
Why do I need to secure my Linux hosts?
Cloud-specific security considerations
Commonly encountered industry-specific security standards
The Center for Internet Security critical controls
The Center for Internet Security benchmarks
SELinux and AppArmor
Summary
Questions
Further reading
8
Section 3: Linux Network Services
Section 3: Linux Network Services
9
Chapter 6: DNS Services on Linux
Chapter 6: DNS Services on Linux
Technical requirements
What is DNS?
Two main DNS server implementations
Common DNS implementations
DNS troubleshooting and reconnaissance
DoH
DoT
Summary
Questions
Further reading
10
Chapter 7: DHCP Services on Linux
Chapter 7: DHCP Services on Linux
How does DHCP work?
Securing your DHCP services
Installing and configuring a DHCP server
Summary
Questions
Further reading
11
Chapter 8: Certificate Services on Linux
Chapter 8: Certificate Services on Linux
Technical requirements
What are certificates?
Acquiring a certificate
Using a certificate – web server example
Building a private Certificate Authority
Securing your Certificate Authority infrastructure
Certificate Transparency
Certificate automation and the ACME protocol
OpenSSL cheat sheet
Summary
Questions
Further reading
12
Chapter 9: RADIUS Services for Linux
Chapter 9: RADIUS Services for Linux
Technical requirements
RADIUS basics – what is RADIUS and how does it work?
Implementing RADIUS with local Linux authentication
RADIUS with LDAP/LDAPS backend authentication
Unlang – the unlanguage
RADIUS use-case scenarios
Using Google Authenticator for MFA with RADIUS
Summary
Questions
Further reading
13
Chapter 10: Load Balancer Services for Linux
Chapter 10: Load Balancer Services for Linux
Technical requirements
Introduction to load balancing
Load balancing algorithms
Server and service health checks
Datacenter load balancer design considerations
Building a HAProxy NAT/proxy load balancer
A final note on load balancer security
Summary
Questions
Further reading
14
Chapter 11: Packet Capture and Analysis in Linux
Chapter 11: Packet Capture and Analysis in Linux
Technical requirements
Introduction to packet capturing – the right places to look
Performance considerations when capturing
Capturing tools
Filtering captured traffic
Troubleshooting an application – capturing a VoIP telephone call
Summary
Questions
Further reading
15
Chapter 12: Network Monitoring Using Linux
Chapter 12: Network Monitoring Using Linux
Technical requirements
Logging using Syslog
The Dshield project
Collecting NetFlow data on Linux
Summary
Questions
Further reading
16
Chapter 13: Intrusion Prevention Systems on Linux
Chapter 13: Intrusion Prevention Systems on Linux
Technical requirements
What is an IPS?
Architecture options – where does an IPS fit in your data center?
IPS evasion techniques
Classic/network-based IPS solutions – Snort and Suricata
Suricata IPS example
Constructing an IPS rule
Passive traffic monitoring
Zeek example – collecting network metadata
Summary
Questions
Further reading
17
Chapter 14: Honeypot Services on Linux
Chapter 14: Honeypot Services on Linux
Technical requirements
Honeypot overview – what is a honeypot, and why do I want one?
Deployment scenarios and architecture – where do I put a honeypot?
Risks of deploying honeypots
Example honeypots
Distributed/community honeypot – the Internet Storm Center's DShield Honeypot Project
Summary
Questions
Further reading
18
Assessments
Assessments
Chapter 2 – Basic Linux Network Configuration and Operations – Working with Local Interfaces
Chapter 3 – Using Linux and Linux Tools for Network Diagnostics
Chapter 4 – The Linux Firewall
Chapter 5 – Linux Security Standards with Real-Life Examples
Chapter 6 – DNS Services on Linux
Chapter 7 – DHCP Services on Linux
Chapter 8 – Certificate Services on Linux
Chapter 9 – RADIUS Services for Linux
Chapter 10 – Load Balancer Services for Linux
Chapter 11 – Packet Capture and Analysis in Linux
Chapter 12 – Network Monitoring Using Linux
Chapter 13 – Intrusion Prevention Systems on Linux
Chapter 14 – Honeypot Services on Linux
Why subscribe?
19
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Constructing an IPS rule

We've mentioned IPS signatures several times, in particular Snort rules – let's take a look at how they are constructed. Let's look at an example rule, which alerts us of a suspicious DNS request that contains the text .cloud:

alert dns $HOME_NET any -> any (msg:"ET INFO Observed DNS Query to .cloud TLD"; dns.query; content:".cloud"; nocase; endswith; reference:url,www.spamhaus.org/statistics/tlds/; classtype:bad-unknown; sid:2027865; rev:4; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2019_08_13, deployment Perimeter, former_category INFO, signature_severity Major, updated_at 2020_09_17;)

The rule is broken into several sections. Starting from the beginning of the rule, we have our rule header:

The Flow section is not shown – Suricata normally only detects flows for TCP data.

This is followed by the rule's Message section:

...
Previous Section
End of Section 8
Next Section